Re: [GENERAL] Understanding pg_stat_user_indexes

On Fri, Feb 5, 2010 at 7:32 PM, Steve Crawford < scrawf...@pinpointresearch.com> wrote: > Josh Kupershmidt wrote: > > On Fri, Feb 5, 2010 at 12:02 PM, Steve Crawford < > scrawf...@pinpointresearch.com> wrote: > >> What causes an increment to idx_scan in pg_stat_user_indexes? "Select" >> queries o

Re: [GENERAL] Understanding pg_stat_user_indexes

Josh Kupershmidt wrote: On Fri, Feb 5, 2010 at 12:02 PM, Steve Crawford > wrote: What causes an increment to idx_scan in pg_stat_user_indexes? "Select" queries only? When used to enforce column uniqueness? When used for foreign-key constraints?

Re: [GENERAL] How can I test my web application against SQL Injections?

On Fri, 2010-02-05 at 21:20 +, Andre Lopes wrote: > I have build a Web Application using PostgreSQL as Database. I need to > test it against SQL Injections. What should I do? How to do an > accurate test against SQL Injections? There are a few things you can do, such as send various kinds of m

Re: [GENERAL] PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story)

On Fri, Feb 5, 2010 at 1:09 PM, John R Pierce wrote: > if you use parameterized calls (easy in perl, java, etc but not so easy in > php), you're should be immune.  in the past there were some issues with > specific evil mis-coded UTF8 sequences, but afaik, thats been cleared up for > quite a while

[GENERAL] How can I test my web application against SQL Injections?

Hi, I have build a Web Application using PostgreSQL as Database. I need to test it against SQL Injections. What should I do? How to do an accurate test against SQL Injections? Best Regards,

Re: [GENERAL] Understanding pg_stat_user_indexes

On Fri, Feb 5, 2010 at 12:02 PM, Steve Crawford < scrawf...@pinpointresearch.com> wrote: > What causes an increment to idx_scan in pg_stat_user_indexes? "Select" > queries only? When used to enforce column uniqueness? When used for > foreign-key constraints? > > The docs are a little sparse here:

Re: [GENERAL] \dt+ sizes don't include TOAST data

Alvaro Herrera wrote: > Tom Lane wrote: > > Greg Smith writes: > > > Florian Weimer wrote: > > >> The sizes displayed by \dt+ in version 8.4.2 do not take TOAST tables > > >> into account, presumably because the pg_relation_size does not reflect > > >> that, either. I think this is a bit surprisi

Re: [GENERAL] PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story)

John R Pierce schrieb: David Kerr wrote: Howdy all, We're using Postgres 8.3 with all of our apps connecting to the database with Hibernate / JPA. Our security team is concerned about SQL Injection attacks, and would like to implement some mod_security rules to protect against it. From what

[GENERAL] questions about a table's row estimates

I'm looking at pg_stat_user_tables in 8.4.2, and I'm confused about n_live_tup. Shouldn't that be at least fairly close to (n_tup_ins - n_tup-del)? It doesn't seem to be, but I'm unclear why. -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscripti

Re: [GENERAL] Questions on PostGreSQL Authentication mechanism...

Alvaro Herrera writes: > For example, perhaps there could be a new pair of functions > pg_read_hba_file/pg_write_hba_file that would work even if the files are > placed in other directories, but they (Debian) would need to propose > it. I don't remember they had to provide those GUCs: http://w

Re: [GENERAL] PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story)

David Kerr wrote: Howdy all, We're using Postgres 8.3 with all of our apps connecting to the database with Hibernate / JPA. Our security team is concerned about SQL Injection attacks, and would like to implement some mod_security rules to protect against it. From what I've read Postgres vani

[GENERAL] PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story)

Howdy all, We're using Postgres 8.3 with all of our apps connecting to the database with Hibernate / JPA. Our security team is concerned about SQL Injection attacks, and would like to implement some mod_security rules to protect against it. From what I've read Postgres vanilla is pretty robus

Re: [GENERAL] Verify a record has a column in a plpgsql trigger

Merlin Moncure wrote: On Thu, Feb 4, 2010 at 7:36 PM, Tim Landscheidt wrote: Any insight on a way I can grab NEW.(colRow.attname) without EXECUTE USING? Wouldn't it be *much* easier to just have /two/ trigger functions? Your "editor" columns probably don't pop up and disappear random

[GENERAL] Understanding pg_stat_user_indexes

What causes an increment to idx_scan in pg_stat_user_indexes? "Select" queries only? When used to enforce column uniqueness? When used for foreign-key constraints? I see lots of indexes with an idx_scan-count of zero but which are not actually superfluous as they are required to enforce constr

[GENERAL] Searching a DB index.. possible?

I am trying to figure out how I can introduce full text search "tips"... tips meaning, like if you start typing Mer .. then a box with a couple of words underneath comes up, with *Mercedes, Mercury *and so on :P I am thinking that the word suggestions needs to come from the already existing tsearc

Re: [GENERAL] Verify a record has a column in a plpgsql trigger

On Thu, Feb 4, 2010 at 7:36 PM, Tim Landscheidt wrote: >> Any insight on a way I can grab NEW.(colRow.attname) without EXECUTE USING? > > Wouldn't it be *much* easier to just have /two/ trigger > functions? Your "editor" columns probably don't pop up and > disappear randomly. or, you could pass a

Re: [GENERAL] Query to find list of dates between two dates

aravind chandu wrote: > can you please help me with the following query > > I need a query that displays all the dates in between two > dates say i give two dates 12/1/2009 and 12/31/2009 The > result should be like this > > 12/1/2009 > 12/2/2009 > 12/3/2009 > > . > . > . > . > . > 12/31/20

Re: [GENERAL] Idle in Transaction

Normally I get "Idle in Transaction" when there is already a connection which is holding a lock on a database object (e.g. a table). You've to check if there is a query holding a lock which causes all the other transactions to go in "Idle in Transaction" state. Look for other locks than AccesShareL

Re: [GENERAL] How to escape apostrophes when apostrophes already used to escape something else

On Fri, Feb 05, 2010 at 10:13:21AM +0100, Stefan Schwarzer wrote: > probably not too complicated, but although googling my way through > many pages, I don't find the solution. > > I have a query which uses already an apostrophe to escape something > else: Not sure if "dollar quoting" may be e

[GENERAL] Idle in Transaction

I see that every once in a while I get an Idle in Transaction that never ends. This eventually becames a problem, as this Idle in Transaction holds AccessShareLocks. Even if it didn't, if I reach the maximum number of transactions my application dies. Is there any way to know what the transaction

[GENERAL] Dynamic SQL, Return Query Execute with Join

Hi all, I wish to pass a query text (containing joins) and separate parameters to a plpgsql function that will return a result set (more than one row) using RETURN QUERY EEXECUTE, but am having trouble defining the result set because of the join. Am I limited to the result set being restricted to o

Re: [GENERAL] How to escape apostrophes when apostrophes already used to escape something else

On Fri, Feb 5, 2010 at 1:29 PM, Albe Laurenz wrote: > In your case, by using ''Cote dIvoire''. single quotes for string literals. So again: 'Cote d''lvoire'. -- GJ -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgr

Re: [GENERAL] How to escape apostrophes when apostrophes already used to escape something else

Stefan Schwarzer wrote: > probably not too complicated, but although googling my way through > many pages, I don't find the solution. > > I have a query which uses already an apostrophe to escape something > else: > > $query = "SELECT > * > FROM >

Re: [GENERAL] Query to find list of dates between two dates

On Fri, 5 Feb 2010 02:06:12 -0800 (PST) aravind chandu wrote: > Hello guys, > > can you please help me with the following query > > I need a query that displays all the dates in between two dates > say i give two dates 12/1/2009 and 12/31/2009 The result should be > like this select date '20

Re: [GENERAL] Query to find list of dates between two dates

You could use a query like this one here: and table.BEGIN_DATE <= pREFERENCE_END_DATE and (table.END_DATE >= pREFERENCE_BEGIN_DATE or table.END_DATE is null) Best Regards

Re: [GENERAL] Query to find list of dates between two dates

On 5 Feb 2010, at 11:06, aravind chandu wrote: > Hello guys, > > can you please help me with the following query > > I need a query that displays all the dates in between two dates say i give > two dates 12/1/2009 and 12/31/2009 The result should be like this > > 12/1/2009 > 12/2/2009 > 12/

[GENERAL] Query to find list of dates between two dates

Hello guys, can you please help me with the following query I need a query that displays all the dates in between two dates say i give two dates 12/1/2009 and 12/31/2009 The result should be like this 12/1/2009 12/2/2009 12/3/2009 . . . . . 12/31/2009 Note : Assume that there is no table Tha

Re: [GENERAL] Literals in foreign key definitions

On 4 Feb 2010, at 20:34, Tim Landscheidt wrote: > Alban Hertroys wrote: > >> [...] >> Now the intent here is to restrict foreign keys referencing the base class >> to unitclass records that describe a baseclass and to restrict foreign keys >> referencing a derived class to unitclass records th

[GENERAL] Valid lc-collate names on Windows

Hi all I am trying to find a collation that will support most European languages. I want something that will sort accentuated 'e' after normal 'e' as in French, 'n' with a '~' after normal 'n' as in Spanish, German Eszett as 'ss', etc... Is there a collation that does this on windows ? I have

Re: [GENERAL] Setting permissions to access schema and language

This can be done using "GRANT...ON..SCHEMA...". See http://www.postgresql.org/docs/8.4/interactive/sql-grant.html Cheers. On Thu, Feb 4, 2010 at 4:00 PM, Jignesh Shah wrote: > Hi, > > I know how to set the permissions for tables. Could anyone tell me how to > restrict people accessing and creati

Re: [GENERAL] How to escape apostrophes when apostrophes already used to escape something else

use $$ Or you can always use double single quotes, which is going to translate into single one, ie : blah = 'foo '' bar'; will give you "foo ' bar" string. -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpre

[GENERAL] How to escape apostrophes when apostrophes already used to escape something else

Hi there, probably not too complicated, but although googling my way through many pages, I don't find the solution. I have a query which uses already an apostrophe to escape something else: $query = "SELECT * FROM crosstab('S

Re: [GENERAL] SSL connection option from client side?

I got how SSL and SSH works in PostGreSQL from chapter 17.8 and 17.9. Thanks, Dip On Thu, Feb 4, 2010 at 1:16 PM, dipti shah wrote: > I got the information about how to set server configuration to make SSL > aware only from http://www.postgresql.org/docs/8.4/static/ssl-tcp.html. > Please see be